|
PHP - Permissions Error I Can't Figure Out
Can someone please give me some guidance on how to deal with the following warning Quote
Warning: move_uploaded_file(../usernet/img/60ff59c9f0a830.45733158.jpg): Failed to open stream: Permission denied in /opt/lampp/htdocs/site/admin/add_post.php on line 23 All directories and files in the path have full owner permissions and I've made myself the owner of them all (I'm on a linux system). I've also done the same with the /tmp folder. I can't even think of anything else to change and haven't found anything online that solves the issue. in case it's needed, the php is as follows: <?php
require("assets/initializations.php");
if(isset($_POST['add_post']) && !empty($_FILES['post_image'])) {
$filename = $_FILES['post_image']['name'];
$file_tmp_name = $_FILES['post_image']['tmp_name'];
$filesize = $_FILES['post_image']['size'];
$file_ext = explode('.', $filename);
$file_act_ext = strtolower(end($file_ext));
$allowed = array('jpeg', 'jpg', 'png', 'gif');
if(!in_array($file_act_ext, $allowed)) {
header("Location: add_post.php?message=file_type_not_allowed");
} else {
if($filesize > 10000000) {
header("Location: add_post.php?message=file_too_large");
} else {
$file_new_name = uniqid('', true) . "." . $file_act_ext;
$dir = "../usernet/img/";
$target_file = $dir . basename($file_new_name);
move_uploaded_file($file_tmp_name, $target_file);
echo "<script>alert('Image uploaded successfully');</script>";
}
}
}
I do get the javascript alert that's it's been successfully uploaded, but the image doesn't make it into the specified directory and I get the warnings at the top. I'm also, probably obviously from the path, using XAMPP server for development. TIA Similar TutorialsHey, practicing my PHP for the first time, starting with a simple upload script with Xampp. Script: Code: [Select] $target = '/Uploads'; $uploadedfile = $target . basename($_FILES['file']['name']); if(move_uploaded_file($_FILES['file']['tmp_name'], $target)){ echo "The file ". basename($_FILES['file']['name'])." has been uploaded."; } else { echo 'Failed'; } error_reporting(E_ALL); It echos out a successful, but the file is nowhere? Uploads is inside htdocs. Checked my php.ini file: file_uploads = On upload_tmp_dir = "C:\xampp\tmp" upload_max_filesize = 128M Just wondering if there are any permission i may have missed? Hi im still learning php and have been running through the tutorials on making a user authentication system but im getting an error on one line but ive got the same code else where and its fine... Code: [Select] // Must have at least one character if (strspn($_POST['user_name'],$span_str) == 0) { return false; } Im getting the error on the if statment but no matter what i try it still tells me theres an error... Heres the full function code: Code: [Select] function account_namevalid() { // parameter for use with strspan $span_str = "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"; // Must have at least one character if (strspn($_POST['user_name'],$span_str) == 0) { return false; } // Must contain all legal characters if (strspn($_POST['user_name'],$span_str) != srnlen($name)) { return false; } // Min and Max length if ($strlen($_POST['user_name']) < 5) { return false; } if strlen($_POST['user_name']) > 25 { return false; } // Illegal names if (eregi("^((root)|(bin)|(deamon)|(adm)|(lp)|(sync)|(shutdown)|(halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)| (httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)|(debian)|(ns)|(download)))$", $_POST['user_name'])) { return false; } if (eregi("^(anoncvs_)", $_POST['user_name'])) { return false; } return true; } Any help or info would be greatfull... Cheers Chris I am getting Fatal error: Uncaught Error: Call to a member function real_query() on null with this code:
public final function Retrieve($TABLE, $CRIT){
$_query = "SELECT * FROM `{$TABLE}` WHERE ";
foreach($CRIT as $_field => $info){
$_query .= " `{$_field}` = `{$info}` &&";
}
if($this->LINK->real_query(rtrim($_query, ' &'))){
return $this->LINK->store_result();
} else{
return json_encode(array("Error"=>$this->LINK->errno(), "Description"=>$this->LINK->error()));
}
}
(LINK is my mysql_connect() result.) I have tried everything i can think of, ->query, going to mysqli_query, breaking it sown and using a $result variable, but nothing seems to work... Edited March 29, 2019 by KaraethonFatal error: Cannot redeclare class MySQLDB in /home/xservers/public_html/skylar/VIP/include/database.php on line 14 This is the code: <?php $Fname = $_POST["Fname"]; if (!isset($_POST['SUBMIT'])) { // if page is not submitted to itself echo the form ?> <html> <body> <head> <title>Personal INFO</title> </head> <body bgcolor="#008080"> <h1><blink><font color="#FF0000"><strong>Naruto Biography Creation</strong></font></blink></h1> <h3><font size="1" color="#0000FF">Please note, info with a (*) must be filled in!</h> </font> <form method="post" action="<?php echo $PHP_SELF;?>"> <p><font size="2"><b>*First Name:</b></font><input type="text" size="30" maxlength="12" name="Fname"><br /> <br /> <font size="2"><b>*Last Name:</b></font><input type="text" size="30" maxlength="36" name="Lname"><br /> <br /> <b><font size="2">*Gender:</font></b><br /> <input type="radio" value="Male" name="Gender" style="font-weight: 700"><b><font size="2">Male</font> </b><input type="radio" value="Female" name="Gender" style="font-weight: 700"><b><font size="2">Female</font></b></p> <p><b><font size="2">Background Info:</font></p> <textarea rows="3" cols="33" name="Background INFO" wrap="hard">Enter your Character's History</textarea><p><font size="2">Appearance:</font></p> <p> <textarea rows="3" cols="33" name="*Appearance" wrap="hard">State how your character look</textarea></p> <p><font size="2">Personality:</font><br/><span> <textarea rows="3" cols="33" name="*Personality" wrap="hard">Explain your Character's qualities, attitude, etc.</textarea></span></p> <p><span><br /></span> <font size="2">*Affiliation:</font><br /> <select name="Affiliation" size="3" width="8"> <option value="None" selected>Select one</option> <option value="Leaf">Leaf</option> <option value="Sand">Sand</option> <option value="Cloud">Cloud</option> <option value="Rogue">Rogue</option> </select><br /> <font size="2">*Rank:</font><br /> <select name="Rank" size="3" width="8"> <option value="none" selected>Select one</option> <option value="Gennin">Genin</option> <option value="Chuunin">Chuunin</option> <option value="Jounin">Jounin</option> <option value="S class">S class</option> </select> </p> <p> <input type="submit" value="submit" name="submit"></p> </form> </body> </html> <? } esle { echo "Hello,".$Fname." ".Lname.".<br />"; } ?> I get this all the time Quote Parse error: syntax error, unexpected $end in F:\wamp\www\index.php on line 78 I work on Wamp, and I am a beginner so I am totally lost could anyone help please Here is the code: Code: [Select] <?php if (!defined('INCLUDE_GUARD')) { header("Location: /errors/forbidden"); return; } include_once("incs/cls/DatabaseManager.class.php"); include_once("incs/cls/VariantTemplate.class.php"); class Core { private $_logger; private $_self_test_results; private $_config; private $_dbmgr; private $_vtemp; public __construct() // this is line 19 { $this->setupLogger(); $this->_self_test_results = array(); $this->_self_test_results['missing'] = array(); $this->_self_test_results['failed'] = array(); $this->_config = array(); $this->_dbmgr = null; $this->_vtemp = null; $this->selfTest(); } Here is the error I've been receiving. Parse error: syntax error, unexpected T_STRING, expecting T_VARIABLE in /home/ditecha1/public_html/slick/incs/cls/SlickCMSCore.class.php on line 19 I am finding this error extremely weird, my host uses PHP 5.2.14. I was setting the private variables directly (without the assistance of the constructor), but I removed this and had the constructor set basic values to start with to see if this was the issue, but it wasn't. I've tried commenting out the include_once lines, since they are also in development I thought maybe an error was being carried over in to this file as the includes were happening, but still no change in the error message at all. Any help would be greatly appreciated! I hate header errors... I can never figure them out, im getting this error; Warning: Cannot modify header information - headers already sent by (output started at /home/damnpeti/public_html/restrict2.php:6) in /home/damnpeti/public_html/restrict2.php on line 62 Code: <?php $testDB = mysql_connect('localhost', $db_user, $db_pwd); mysql_select_db ($db_name); if (!$testDB) { die('Could not connect: ' . mysql_error()); } $surfer_ip = $_SERVER["REMOTE_ADDR"]; $str_sql = "select * from ".$db_table." where ipaddress='".$surfer_ip."'"; $result = mysql_query($str_sql); if ($row = mysql_fetch_assoc($result)) { $blocked_time = strtotime($row['blocked_time']); if($blocked_time != 0) { $current_time = time(); if($current_time - $blocked_time > 3600*24) //24 hours past { $str_sql = "delete from ".$db_table." where ipaddress='".$surfer_ip."'"; mysql_query($str_sql); $str_sql = "insert into ".$db_table." (ipaddress, surf_index) values('".$surfer_ip."', 1)"; mysql_query($str_sql); } else { die ("<center><div class='errors'>You have accessed this page too many times. To regain access, purchase a license or wait 24 hours.</div></center>"); } } else { if($row['surf_index'] < 2) { $str_sql = "update ".$db_table." set surf_index=surf_index+1 where ipaddress='".$surfer_ip."'"; mysql_query($str_sql); } else { $str_sql = "update ".$db_table." set blocked_time='".date ("Y-m-d H:i:s")."' where ipaddress='".$surfer_ip."'"; mysql_query($str_sql); die ("<center><div class='errors'>You have accessed this page too many times. To regain access, purchase a license or wait 24 hours.</div></center>"); } } } else { $str_sql = "insert into ".$db_table." (ipaddress, surf_index) values('".$surfer_ip."', 1)"; mysql_query($str_sql); } if(!isset($_COOKIE['surf_no'])) setCookie('surf_no', '1'); else setCookie('surf_no', $_COOKIE['surf_no']+1); if ($_COOKIE['surf_no'] > 2) die("<center><div class='errors'>You have accessed this page too many times. To regain access, purchase a license or wait 24 hours.</div></center>"); include 'http://damnitpetitions.com/cut/index3.php'; ?> Line 62 is if ($_COOKIE['surf_no'] > 2) I know it has something to do with the cookie... but Idk? I need the include there. If there include isnt where its at, the script is worthless. Hi I've got a file upload script i've written and I have set the folder to 777 to allow uploads With the permission set to 777 does this open me up to potential uploads from 3rd parties? (ie: viruses etc)? So I thought what I would do is 1: Set folder to 777 to allow uploads 2: Upload file 3: Set folder to 755 to disable uploads Would this be the best method to do it? Or is that a waste of time and am I safe just leaving it as 777 Thanks So here is a concept of a permission system that I haven't really seen any where else. Now usually conventional permissions are usually stored in columns whilst the record specifies a bit which is then used to determine if the record has access to that permission.
Below is my concept of how permissions should be done, I'm looking for someone who can help me create the system in a way which would be easily implementable by other applications such as MyBB. In my case I have multiple game servers, and most of my players have accounts created on my forums which are powered by MyBB, I'm currently in the process of integrating their MyBB accounts across all my related game servers, but one thing I've noticed is that I have multiple permission systems created for all of my servers so right now I'm also trying to integrate all of them into one system so please try and understand that I designed this system in a way that could be used by multiple applications.
Any constructive criticism is accepted.
So the idea is that you have 1 table, I'll just list it here to make it easier to follow: - uniperms_nodes Now the uniperms_nodes table will contain the following columns:
- key (Int, Not Null, Primary Key, Auto Increment)
- type (Enum('USER', 'GROUP'), Not Null)
- id (Int, Not Null)
- permission (Varchar(255), Not Null)
- description (Text)
Now here is how it works,a record is inserted into the uniperms_nodes table containing the necessary information. Here is an example:
INSERT INTO `uniperms_nodes` (`type`, `id`, `permission`, `description`)
VALUES ('GROUP', '1', 'my.test.node', 'A simple permission');
With this information inserted, I can simply use the following query in order to get all of the permissions related to the GROUP with the ID of 1. SELECT `permission` FROM `uniperms_nodes` WHERE type='GROUP' AND id=1;With this array of permission nodes I can simply just check if the array has 'my.test.node', if the array contains 'my.test.node' then that means that the group I queried has access to that permission. Now the reason I have the types USER and GROUP is because maybe you would like to give permissions to individual users, but maybe you wouldn't necessarily want to create a new group. I'm currently looking for someone to help me create a lovely interface for this system, so that it's easier for the user to modify a group/user's permissions. If you're interested feel free to message me here on the forums or via email. kieron.wiltshire@outlook.com Edited by KieronWiltshire, 19 November 2014 - 11:15 AM. Hello needed for permissions well dont know even how to ask . im building simple betting and im want to add message if user has submitted bet but problem im got is once user submit all other bets comes with message how to make it work separate for every single row Here is my code Code: [Select] $statom = $TSUE['TSUE_Database']->query("SELECT count(*), b.betid, a.betid, a.memberid, a.chosen_team FROM rasta_betters a, rasta_betting b WHERE memberid = ".$TSUE['TSUE_Member']->info["memberid"]." AND b.betid = a.betid "); $arr = mysqli_fetch_array($statom); if ($arr[0] > 0) { $forma = '<div class="success">You have placed bet here</div>'; } else{ $team1 = $row['team1']; $team2 = $row['team2']; $pisk = '<input type="checkbox" name="komanda" value="'.$team1.'" />'; $pisk2 = '<input type="checkbox" name="komanda" value="'.$team2.'" />'; $komanda = ''; $komanda = $team1.$pisk; $komanda2 = ''; $komanda2 = $team2.$pisk2; $forma = 'This bet end on:'. date('Y-m-d H:i:s',$row['finish']).''; eval("\$betting_form = \"".$TSUE['TSUE_Template']->LoadTemplate('betting_form')."\";"); $forma .= $betting_form; } $TSUE['TSUE_Member']->info["memberid"] that is actual user id gets id auto I'm doing a flash app where i save webcam images to a folder on the server. I'm able to make this work when running of xampp on my machine, I create the required folder structure and I'm able to read from that folder and display the images, however once i move the stuff onto a live server, it fails to create the folders and it seems to be a permission problem. Is it server specific? i've tried chmod etc but I don't think i'm doing it right. any help, pointers for a non php developer would be most helpful. here's my code snippet <?php //This project is done by vamapaull: http://blog.vamapaull.com/ //The php code is done with some help from Mihai Bojin: http://www.mihaibojin.com/ $uid = $_GET[uid]; $structure = './images/' . date("Ymd") .'/' . $uid. '/'; // To create the nested structure, the $recursive parameter // to mkdir() must be specified. if(is_dir($structure)) { echo "Exists!"; } else { echo "Doesn't exist" ; if (!mkdir($structure,'0777', true) ) { die('Failed to create folders...'); } } if(isset($GLOBALS["HTTP_RAW_POST_DATA"])){ $jpg = $GLOBALS["HTTP_RAW_POST_DATA"]; $img = $_GET["img"]; $filename = 'images/' . date("Ymd"). "/" .$uid. "/img_". mktime(). ".jpg"; file_put_contents($filename, $jpg); } else{ echo "Encoded JPEG information not received."; } ?> Dear Coder Bro, I made a simple php script which copy some files to the server directory through a php loop. It means it will copy some 1000+ files via loop & store into a directory. The script worked fine before some 2 - 3days, Suddenly i saw that script is executing but no files copied to the server's directory. I checked the directory permission & it was 755. I changed the permission to 777 and run the script once again and it worked success... But the problem is the directory permission automatically changes to the old 755. I don't know how it happen. I need to change the directory permission to 777 when i begin to run the script. My Question is. 1.) Why did the directory permission automatically changes to 755. ? 2.) How to solve this problem to avoid the every time directory permission changing behavior ? I Hope expert coder guys will respond soon...! Wasn't sure exactly where to post this at but here is my issue. I have a directory setup where multiple developers work on a project and they all have "group" access to the folder and files(read, write, execute) so the permissions on the php files need to be 775 so they can upload and overwrite the files via FTP. The problem is that PHP files will not work with permissions of 775 and throw a internal server error unless I change it to something lower. Is there a way to overcome this for these files? Hey guys i have a script that i made with multiple permissions.. i need to add in the pages restitutions for diffrent levels.. so i got the level $query = "SELECT * FROM users WHERE `username`='$username_from_cookie'"; $numresults=mysql_query($query); $numrows=mysql_num_rows($numresults); // get results $result = mysql_query($query) or die("Couldn't execute query"); // now you can display the results returned while ($row10= mysql_fetch_array($result)) { $permissions= $row10["permissions"]; echo '$permissions'; } Now to restick im ok with like to but more then that i get confused.. this shows navigation on levels of permissions.. if ($row10['permissions'] == 2) { print "<a href=\"U.php\"><img src=\"./Icons/Users.png\" title=\"Prof\" /></a>"; } else { print "<img src=\"./Icons/Users_o.png\"/>"; } 2 levels if ($row10['permissions'] == 5) { print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>"; } elseif ($row10['permissions'] == 2) { print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>"; } else { print "<img src=\"./Icons/sec_o.png\" title=\"Enseignant(e)\"/>"; } ok so instead of have 10 lines of codes can i $row10['permissions'] == 5&2&3 ??? and can i do if not permissions ==5 redirect to loggin.. thanks This topic has been moved to Other Libraries and Frameworks. http://www.phpfreaks.com/forums/index.php?topic=357211.0 I am developing a system that with have 4 different levels of permissions. My question is this. From a structure standpoint, some systems will have the administrators area in one file and the users admin area in another file. Others will have a level of permission with all the different levels of administrative tasks, menus, etc, coming from the database. Is one of these better than the other or does it matter. From a coding standpoint it would be much easier to just have permissions and allow access to user menus and admin pages accordingly. Thanks in advance. Hi there, I am working on a little CMS site and I have run into a bit of a problem. When the user comes to publish the changes they have made I need to push the new files onto their server. I don't know whether they are on a shared host or not though, and if they are they won't be the root user and so functions like chmod() and rmdir() will be disallowed. Even if they weren't on a shared host I doubt whether they would be running scripts as root anyway. I cannot ask the user to set the file permissions to 0777 to use the CMS as I know that most people would not do that, I know I wouldn't. So my plan of action was to have the permissions set to 0644 and temporarily change them to 0777 whiles I push the changes then change it back again afterwards. I have a tiny website on a shared host so I am able to test this in the worst of scenarios and these are the errors I get: Quote from: The errors Warning: chmod() [function.chmod]: Operation not permitted in ******** on line 20 Warning: fopen(********) [function.fopen]: failed to open stream: Permission denied in ******** on line 35 Warning: fwrite() expects parameter 1 to be resource, boolean given in ******** on line 39 Warning: fclose() expects parameter 1 to be resource, boolean given in ******** on line 40 Because I am not the root user chmod is not permitted and because the file permissions are set to 0644 I cannot execute the file system functions which alter the files. It all relies on the permissions being set right. I tried using umask() but as someone says in a note on php.net, umask can only remove/delete permissions, it can't grant them. So that seems like a dead end. I can't change ownership either with chown() as that requires you to be the root to use too. Wondering what was going on I used fileperms() to find out what the permissions were according to the php and got the number 33188. Turns out after a bit of research that this is an octal number, so I converted it and got the number 100644. That looks about right, but I don't know what the 10 is doing before the permissions? Does anyone know how can I get around this problem? I would like to avoid using FTP functions if I can. Thanks for any help, Joe Hi, I've written the function below to check the permissions of a user based on the table structure of....
staff
staff_roles_id (foreign)
staff_roles
id
roleName
staff_roles_permissions
staff_roles_id (foreign)
staff_permissions_id (foreign)
staff_permissions
id
permissionName
function checkPerm($permission){
global $db;
$user = $_SESSION['userid'];
if(!$stmt = $db->prepare("SELECT * FROM staff LEFT JOIN staff_roles ON staff.staff_roles_id = staff_roles.id LEFT JOIN staff_role_permissions ON staff_roles.id = staff_role_permissions.staff_roles_id LEFT JOIN staff_permissions ON staff_role_permissions.staff_permissions_id = staff_permissions.id WHERE staff.id = ? AND staff_permissions.permissionsName = ?")){
echo $db->error;
exit;
}
$stmt->bind_param('is',$user,$permission);
if(!$stmt->execute()){
echo $db->error();
exit;
};
$stmt->store_result();
$authenticate = $stmt->num_rows;
$stmt->close();
return $authenticate;
}
So for example if I then had the permission of 'adminAccess', I would use the code below to check access, referring to the 'staff_permissions' table
if(checkPerm('adminAccess')){
echo 'you are authorised';
exit;
}
else
{
echo 'you are not authorised';
exit;
}
This works, but Is this the correct way to be going about access for group based permissions or am I missing a glaring security vulnerability here?
If this is suitable then I intend to turn it into a class, and add checkRole() which would just check the user against the 'staff_roles' table. This would then be called by $security->checkRole('example');
$security->checkPermission('example'). Would that be a good idea?
Any advice would be great - I'm not great with functions (and just starting to learn classes!)
Cheers.
Hi everyone, am developing an application that has two views 1 for administrator and 1 for staff. Administrator can perform all application tasks and Staff can ONLY perform certain task. I have implemented sessions quite alright and are working. Now the problem is that when I login as Staff and then I change the URL to point to an administrator's page the application is allowing that, How can I prevent that from happening. Staff MUST NOT see administrators pages. Here is my login code, logout code and code am using to protect webpages below. Here is my login code <?php //start the session session_start(); $username=$_POST['username']; $password=$_POST['password']; $encrypted=md5($password); // set connection to database $hostname="localhost"; // Host name $mysql_server_username="root"; // Mysql username $server_password=""; // Mysql password $db_name="db_inventory"; // Database name $table = "tbl_users"; // Table name // Connect to server and select database. mysql_connect("$hostname", "$mysql_server_username", "$server_password")or die("cannot connect to database server"); mysql_select_db("$db_name") or die ("Couldn't select the database."); $admin=("select * from $table where username='$username' AND password='$encrypted' AND type = 'admin'"); $staff=("select * from $table where username='$username' AND password='$encrypted' AND type = 'staff'"); //check that at least one row was returned $adminresult=mysql_query($admin); $admincount = mysql_num_rows($adminresult); $staffresult=mysql_query($staff); $staffcount = mysql_num_rows($staffresult); if($admincount> 0){ $_SESSION['valid_user'] = $username ; header( "Location: main_menu.php" ); } else if($staffcount> 0){ $_SESSION['valid_user'] = $username ; header( "Location: staff/main_menu.php" ); } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>title> | Login</title> </head> <body bgcolor="#FFFFFF" background-repeat:no-repeat; background="images/images1.jpg"> <div align="center"> <table width="800" height="501" border="0" cellpadding="1" cellspacing="1"> <tr> <td height="100"> </td> </tr> <tr> <td height="350"> <div align="center"> <form method="post" action="login_process.php"> <h4 align="center"><font color="red">Incorrect Username / Password ! Please Try Again</font></h4> <img name="" src=images/padlock_closed.gif width="34" height="32" alt="" /><br /><br /> <table width="314" border="0" cellspacing="1" cellpadding="1"> <tr> <td>Username:</td> <td><label> <input type="text" name="username" /> </label></td> </tr> <tr> <td>Password:</td> <td><label> <input type="password" name="password" /> </label></td> </tr> <tr> <td colspan="2"> <p> <input type="submit" name ="submit" value="Login" /> <input type="reset" value="Reset" /> </p> </td> </tr> </table> </form> </div> </td> </tr> <tr> <td height="100"> </td> </tr> </table> </div> </body> </html> <?php } ?> Here is my logout code <?php //start the session session_start(); //check to make sure the session variable is registered if(isset($_SESSION['valid_user'])){ //session variable is registered, the user is ready to logout session_unset(); session_destroy(); //the session variable isn't registered, the user shouldn't even be on this page header( "Location: index.php" ); } else { //check to see if the session variable is not registered if(!isset($_SESSION['valid_user'])){ //redirect to login page header( "Location: index.php" ); } } ?> Here is code I am using to protect pages <?php //start the session session_start(); //check to make sure the session variable is registered if(!isset($_SESSION['valid_user'])){ //redirect to login page header( "Location: index.php" ); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title> | Main Menu</title> <link rel="stylesheet" type="text/css" href="css.css" /> </head> <body> <div id="tabsF"> <ul> <!-- CSS Tabs --> <li id="current"><a href="main_menu.php"><span>MAIN MENU</span></a></li> <li><a href="stockmaster.php"><span>STOCK MASTER</span></a></li> <li><a href="controlpanel.php"><span>CONTROL PANEL</span></a></li> <li><a href="logout.php"><span>LOGOUT</span></a></li> </ul> </div> </body> </html> Thank you. This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=355485.0 |
|||||||